Silk Road arrest exposes a hidden Internet

Ian Duncan and Justin Fenton, The Baltimore Sun

The end came quickly for Silk Road, when federal agents crept in to nab the alleged kingpin of the secret $1.2 billion online drug marketplace as he sat at his laptop in the sci-fi section of a San Francisco public library.

Within hours, though, many vendors and customers who said they used the "Deep Web" bazaar were back in action — moving to similar websites like Sheep Marketplace, which advertises marijuana, LSD and a multitude of prescription pills for sale in largely untraceable transactions.

The charges against Silk Road's alleged founder in Maryland and New York rank among the highest-profile Internet crime busts, but the success of the site rested on a number of technologies that remain available to almost anyone who wants to use the Internet anonymously. For example, signing up for Sheep Marketplace requires just a few minutes and the free installation of a special browser.

The events of the past week have drawn renewed attention to the underground of the Internet, where users hide their identities, bounce information around the world to obscure its origin, access hidden sites with extensions like ".onion" and spend digital currency known as Bitcoins.

But experts say the technology that allows drug dealers and child pornographers to flourish is also a legitimate protector of Internet privacy and a crucial check on government power. So-called Deep Web applications have helped activists drive forward the Arab Spring and get around China's Great Firewall.

Some of the tools used by Silk Road and its patrons were developed by the U.S. government, and observers say they could become increasingly popular here as the populace reckons with revelations of vast Internet surveillance by the National Security Agency.

"Why wouldn't you be interested in anonymity, with all the recent releases of information that the NSA has been pervasively tracking almost everything we do online?" asked Michael Taylor, a computer science professor at the University of California, San Diego. "It gets back to the fundamental freedoms that Americans tend to believe they have."

Like many of his site's users, authorities say, the founder of Silk Road operated anonymously under an outlandish nickname: Dread Pirate Roberts. Ross William Ulbricht appeared for a second time in a federal court in California on Friday and was held in custody. He has not entered a plea in court.

He is charged in New York with drug, computer-hacking and money-laundering offenses. In Maryland, Ulbricht is accused of attempting to order the torture and killing of one of his employees, a deal that was staged by an undercover agent.

Authorities say $1.2 billion in drugs and other contraband were sold on Silk Road in its 21/2 years online, earning Ulbricht about $80 million in commissions. On Sept. 23 alone, court documents say, the site had 13,000 listings for drugs.

The charges against Ulbricht point to the ways criminals can abuse systems designed to protect privacy. Chief among those technologies are Tor, a way to browse and post to the Web without being traced; Bitcoin, an online currency; and PGP, an email encryption system.

But while Silk Road relied heavily on those tools as an alleged marketplace for illegal transactions, they have a life independent of the site and of any criminal activity. Bitcoin, for example, can be used to make international payments easily, and Tor is favored by political activists seeking to protect their identities.

"People have had the ability to set up enterprises that violate laws for a long time," said Phil Zimmermann, who developed PGP, or "pretty good privacy," as a human rights tool in the 1990s. "I don't think that Silk Road is any worse than any other … conduit through which you could sell anything legal or illegal."

Federal authorities recognize that many of the tools used by Silk Road have "legitimate uses," according to a criminal complaint filed against Ulbricht in New York, but they also described in extensive detail how the online marketplace relied on them.

Silk Road operated as a hidden site on the Tor network. It was only accessible using a special browser and found at an address ending in .onion rather than the more familiar .com or .net.

Once a user logged onto the site, it was a simple step to sign up and start shopping. Images taken from the Silk Road site by the FBI show cocaine, hydroponically grown marijuana and LSD for sale.

Users and administrators from both Silk Road and Sheep Marketplace did not respond to interview requests. Sheep Marketplace had about 1,700 advertisements listing drugs Friday, up from 1,000 a day before.

To buy something from Silk Road, users needed a stash of Bitcoins. The data that makes up a Bitcoin is essentially the history of every transaction in which it has been used. The electronic currency, the FBI says, is useful for illegal transactions because — like cash — it is difficult to trace.

"I'd say Bitcoin was essential for this kind of marketplace to develop," said Sarah Meiklejohn, a doctoral candidate at the University of California, San Diego who studied the currency's criminal potential.

Silk Road added an extra layer of complexity. According to the FBI documents, it required customers to maintain a "bank" on the site. Any transaction would then be passed through a system that made it very difficult to determine which particular Bitcoins were associated with a purchase, according to the charging papers.

Many former Silk Road users have comforted themselves in message board discussions, saying Ulbricht used sound technology, and authorities in Maryland and New York were only able to track him down because he made old-fashioned mistakes.

The Tor Project, a nonprofit that helps run the anonymous browsing system, agreed. A blog post on its website said the federal investigation did not reveal any new vulnerabilities in their platform.

But Britain's Guardian newspaper, relying on documents provided by leaker Edward Snowden, reported Friday that the NSA has been seeking ways to hack through Tor's protections.

And FBI documents filed in the Silk Road case say agents were able to obtain a copy of the data on the site's servers, giving the agency access to a wealth of data about the site. That step in the investigation is not clearly explained, according to Nicolas Christin, a researcher at Carnegie Mellon University.

Still, the federal complaint spells out a number of elementary mistakes Ulbricht is said to have made — including posting to public websites using an email address linked to his real name — that the FBI says eventually led agents to him.

Federal drug charges filed against a man in Seattle last week highlight how the mail itself is a weak link. According to the filings, postal inspectors tracked down a man they say was among the largest Silk Road vendors by tracing the mailboxes he used to allegedly send packages of drugs and asking postal employees to keep a lookout for anyone sending similar parcels.

Eventually, an employee spotted a woman and got her license plate, leading agents to their suspect.

As for other services like Sheep Marketplace, a spokeswoman for the Drug Enforcement Administration said they were on the agency's radar as well. "We're absolutely aware of this as a trend and we're looking at them for sure," Dawn Dearden said.

Despite the crackdown on Silk Road, some privacy experts and researchers said the underlying technologies could benefit from the FBI investigation — using the widespread publicity to highlight their legitimate applications.

For example, the experience of many people with Bitcoin "was in the context of Silk Road," Meiklejohnsaid. Buther research suggested that only about 5 percent of Bitcoin transactions passed through Silk Road and the coins the FBI says it has seized represent only a tiny fraction of all the millions in circulation.

Bitcoin, which was developed by someone or a group of people using the pseudonym Satoshi Nakamoto, has attracted attention from venture capitalists. Tyler and Cameron Winkelvoss, twins who gained fame for battling Mark Zuckerberg over the rights to Facebook, have proposed an investment fund based on the currency.

Another company is developing an ATM that can be used to turn Bitcoins into cash and vice versa, and the blogging platform WordPress accepts Bitcoins alongside payment methods like PayPal.

Jinyoung Lee Englund, a spokeswoman for the Bitcoin Foundation, which promotes and maintains standards for the currency, said the value of Bitcoin to criminals is limited if they want to convert their loot into hard currency.

"Bitcoin makes you more traceable than cash," she said. "You have to go to great lengths to cover your tracks."

Damaging to privacy

Blaming privacy services for criminal activity could harm legitimate users, experts said, such as dissidents in China or revolutionaries in the Middle East who rely on it to communicate while evading the watch of government spies.

Zimmermann said new technologies have challenged law enforcement agencies for years — pointing to bank robbers Bonnie and Clyde, who used getaway cars to confound police in the 1930s. Frustrated police departments began to wonder whether restricting automotive travel might be a good idea, he said.

"That argument did not carry the day," Zimmermann said. And he said the debate over encryption technology was similarly settled in the 1990s. Now many laws require corporations to encrypt their data.

And Jerry Brito, a researcher at the Mercatus Center at George Mason University, compared being able to browse and post to the Web anonymously to publishing books under a pseudonym — as James Madison, Alexander Hamilton and John Jay did with "The Federalist."

"Someone should have the ability to put up a website to make a statement without revealing who they are," Brito said.

On Silk Road forums, which were still operating this week, some users say they believed the site was a similarly virtuous attempt to trade drugs without the risks of violence associated with buying on the street.

"Dread Pirate Roberts … has single-handedly kept world governments at bay for two and a half years," wrote a moderator on the official forums who uses the name Libertas.

"This idea that this one entity can successfully thwart the phenomenal resources and bloodthirsty power of numerous governments for so long is something that should be taken to heart, and never forgotten."

Tor – Short for "The Onion Router," the name describes how Internet traffic is passed through many layers to disguise the user's identity and location. It was originally developed by the U.S. Navy.

Bitcoin – A virtual currency that is difficult to trace. It was designed by someone using the name Satoshi Nakamoto and launched in 2009. One Bitcoin is currently worth about $135 on the largest exchange.

PGP – Short for "Pretty Good Privacy," the technology encrypts email traffic. Some on Silk Road also used PGP to conceal mailing addresses. Developed by Phil Zimmermann in 1991 as a human rights tool, its export was challenged by federal authorities.